WIP: Migrate Wiki content over to src/docs

docs/linux_pid_namespace_support.md

Index: docs/linux_pid_namespace_support.md
diff --git a/docs/linux_pid_namespace_support.md b/docs/linux_pid_namespace_support.md
new file mode 100644
index 0000000000000000000000000000000000000000..defebf6782bd3f71293bf954f153c3b4fe39a366
--- /dev/null
+++ b/docs/linux_pid_namespace_support.md
@@ -0,0 +1,42 @@
+The [LinuxSUIDSandbox](LinuxSUIDSandbox.md) currently relies on support for the CLONE\_NEWPID flag in Linux's [clone() system call](http://www.kernel.org/doc/man-pages/online/pages/man2/clone.2.html).  You can check whether your system supports PID namespaces with the code below, which must be run as root:
+
+```
+#define _GNU_SOURCE
+#include <unistd.h>
+#include <sched.h>
+#include <stdio.h>
+#include <sys/wait.h>
+
+#if !defined(CLONE_NEWPID)
+#define CLONE_NEWPID 0x20000000
+#endif
+
+int worker(void* arg) {
+  const pid_t pid = getpid();
+  if (pid == 1) {
+    printf("PID namespaces are working\n");
+  } else {
+    printf("PID namespaces ARE NOT working. Child pid: %d\n", pid);
+  }
+
+  return 0;
+}
+
+int main() {
+  if (getuid()) {
+    fprintf(stderr, "Must be run as root.\n");
+    return 1;
+  }
+
+  char stack[8192];
+  const pid_t child = clone(worker, stack + sizeof(stack), CLONE_NEWPID, NULL);
+  if (child == -1) {
+    perror("clone");
+    fprintf(stderr, "Clone failed. PID namespaces ARE NOT supported\n");
+  }
+
+  waitpid(child, NULL, 0);
+
+  return 0;
+}
+```